Hi, we're Oscar. We're hiring a Security Engineer, Privacy & Compliance to join our Security team in our New York office.
Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 and headquartered in New York City. Our goal is to make health insurance simple, transparent, and human. We need your help to do so.
About the role:
Oscar's business depends on efficient compliance with various industry and government regulations, as well as privacy and security of our customers' and partners' data. We believe that with our already strong controls and processes it should be possible to make engaging with various auditors and regulators easy by dedicating attention to organizing and automating our audit evidence collection, sorting, and retention. We also want to ensure that our systems are putting security, compliance and privacy front and center, making our stack secure, privacy conscious, and compliant by design.
As a member of the Security Engineering team, you'll join our growing security organization alongside other motivated and talented security engineers. We take pride in our ability to find smart and efficient solutions and be organized about our process. You will work together with various peers in engineering and in other parts of the organization. You will report into the Senior Director, Security Engineering.
- You will collect many stories of how different teams operate in their environment, while looking for ways to make the work aligned with compliance, security, and privacy requirements facilitate gathering of the evidence that will be presented to auditors.
- You will find ways to automate information gathering and remove manual dependencies as much as possible.
- You will participate in calls with various regulators and auditors, while representing the company.
The following is a sample list of tasks we oversee:
- Collect SOC1 and SOC2 reports for various vendors
- Collect and analyze various recommendations for SOC1, SOC2, and MAR compliance and make sure those recommendations are implemented across the organization in a timely manner
- Interview various teams to map and document their process
- Write scripts and software to collect evidence
- Work with product managers to suggest quick wins that can be incorporated into roadmaps
- Help identify vendors and SAAS solutions that can be integrated into our flow
- Contribute across other parts of the Security organization
- You have 6+ years professional software engineering experience working with a variety of technologies, and have increasingly impactful accomplishments.
- You are passionate about security, privacy, and compliance.
- Using your technical skills to automate and engineer solutions to manual processes, is energizing for you.
- You can balance company needs with tech needs.
- You're passionate about technologies, whether it be a shiny new thing or an arcane, ill-conceived protocol; our company may be new, but the healthcare industry isn't!
Life at Oscar:
At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.
We encourage our members to care for their whole selves, and we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, and volunteer opportunities.
Oscar applicants are considered solely based on their qualifications, without regard to applicant's disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (firstname.lastname@example.org) to make the need for an accommodation known.
Pay Transparency Policy:
Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.